CHAPTER 1

Cisco VPN Solutions Center Installation Requirements

Cisco VPN Solutions Center (hereafter referred to as VPNSC) is a network service and management system that defines and monitors both MPLS-based and IPsec-based virtual private network (VPN) services for service providers. VPNSC allows service providers to seamlessly provision and manage intranet and extranet VPNs. The product provides the aspect of operations management that addresses flow-through provisioning, service auditing, and Service Level Agreement (SLA) measurement of IP-based VPN environments. VPN Solutions Center focuses on provisioning, auditing, and monitoring the links between the customer’s edge routers through the providers’s network. In an MPLS network, a customer edge router (CE) is connected to a provider edge router (PE) in such a way that the customer’s traffic is encapsulated and transparently sent to other CEs, thus creating a virtual private network. The VPN Solutions Center provisioning engine for MPLS accesses the configuration files on both the CE and PE to compute the necessary changes to the configuration files to support the service on the PE-CE link.

Figure 1-1 VPN Solutions Center: MPLS Solution in the Service Provider Network

Service Provider Network Network management subnet VPN Telnet Solutions Gateway Center Server

NetFlow NetFlow Collector Collector Customer 1 Customer 1

Service provider CE PE MPLS core PE CE 49096

As illustrated in Figure 1-1, Cisco requires that the VPN Solutions Center software is installed on its own dedicated system. The VPN Solutions Center workstation is connected on a LAN to one or more Telnet Gateway servers.

Cisco VPN Solutions Center Installation Guide DOC-7812191= 1-1 Chapter 1 Cisco VPN Solutions Center Installation Requirements System Recommendations

In an IP Security (IPsec) network, an edge device router in one site (sometimes referred to as CPE, “Customer Premises Equipment”) connects to another edge device router in a second site as defined by the IP Security protocol. The IP traffic is encrypted and encapsulated at the edge device router’s secured interface, and then sent to the destination edge device router through the IPsec tunnel, thus providing privacy and security for the data. The VPN Solutions Center provisioning engine for IPsec accesses the configuration files on both the CPEs to compute the necessary changes required to set up the IPsec VPN. Figure 1-2 shows how the VPN Solutions Center 2.0 fits into the service provider IPsec network.

Figure 1-2 VPN Solutions Center: IPsec Solution in the Service Provider Network

Secured interface and Loopback interface Management interface

Customer site 1Service provider Customer site 2 network

IPsec VPN Router-1 PE VPNSC Network PE Router-2 Management Subnet

Non secured interface VPNSC Network Management Subnet VPNSC Telnet gateway Telnet gateway workstation server server 49078

The VPN Solutions Center 2.0 workstation, in conjunction with one or more Telnet Gateway servers, comprises the VPNSC Network Management Subnet. Each edge device router has one secured interface through which secure traffic flows to and from the other edge device routers in the IPsec VPN. The edge device router’s nonsecured interface faces the customer’s campus intranet.

System Recommendations

This chapter describes the system recommendations for the Cisco VPN Solutions Center workstation, as well as the other devices VPNSC communicates with in both the MPLS and IPsec networks. This chapter also tells you how to mount a locally attached or remotely attached CD-ROM drive. The system recommendations are organized in the following categories: • VPN Solutions Center Workstation Recommendations • Cisco IOS Recommendations for IPsec Edge Devices • Cisco IOS Recommendations for PEs and CEs • NetFlow Collector Device Recommendations

Cisco VPN Solutions Center Installation Guide 1-2 DOC-7812191= Chapter 1 Cisco VPN Solutions Center Installation Requirements System Recommendations

VPN Solutions Center Workstation Recommendations

The system recommendations for the VPN Solutions Center workstation are as follows:

Table 1-1 Workstation Recommendations for VPN Solutions Center

Number of Edge Routers VPNSC Workstation RAM Disk Space Up to 500 Minimum: Sun Ultra™ 60 (1 CPU) 1 GB 20+ GB For Growth: Sun Enterprise™ 250 (2 CPUs) 500 to 1,500 Minimum: Sun Ultra™ 60 (2 CPUs) 1 GB 20+ GB For Growth: Sun Enterprise™ 250 (2 CPUs) 1,500 to 3,000 and above Sun Enterprise™ 450 (4 CPUs) 1 GB 20+ GB

Note The disk space for 20+ GBytes is required only when NetFlow collection is running in the service provider network. Otherwise, the standard hard disk that is shipped with the Sun system is sufficient.

Operating System

Currently, the VPN Solutions Center software can run under Solaris 2.6 or Solaris 7.

Caution When you install Solaris 2.6 or Solaris 7, be sure to choose either the Developer System Support or the Entire Distribution software groups. — Do not choose the End User System software group. The Developer System Support and Entire Distribution software groups contain the software required for a correct operating system installation (such as the SUNWbtool and SUNWsprot packages).

If you encounter difficulty in the Solaris 2.6 installation, see the “Troubleshooting the Solaris 2.6 Installation” section on page 4-4.

CD-ROM Drive

Installation of the VPN Solutions Center software requires that the VPN Solutions Center workstation have a CD-ROM drive. For related information, see the “Mounting a Locally Attached CD-ROM Drive” section on page 1-5 and “Mounting a Remotely Attached CD-ROM Drive” section on page 1-6.

Disk Space Requirements

The disk space requirements for the various components are as follows: • VPN Solutions Center workstation: 600 MB This includes 500 MB for the VPN Solutions Center software and Repository data, plus 100 MB for the Orbix software. • Telnet Gateway Servers: 200 MB

Cisco VPN Solutions Center Installation Guide DOC-7812191= 1-3 Chapter 1 Cisco VPN Solutions Center Installation Requirements System Recommendations

This includes 100 MB for the Orbix software and 100 MB for the Telnet Gateway Server software. • NetFlow Collector Devices: 20+ GB FlowCollector requires at least 2 MB of disk space for its binary and configuration files.

Internet Browser and SA Agent Recommendations

• Internet browser: Netscape 4.7 or later is recommended.

Note Running the Netscape browser with VPN Solutions Center 2.0 requires the Java Plug-in 1.12_004 for Solaris 2.4 to 2.6. You can retrieve this plug-in from the following site: http://java.sun.com/products/plugin/1.1.2/download.html

• To include Service Assurance Agent (SA Agent) support, use IOS 12.0(7)T or later, using the IP feature set (i-train).

Cisco IOS Recommendations for IPsec Edge Device Routers

This section summarizes the system recommendations for IPsec edge device routers (also referred to as CPEs, “customer premises equipment”). • Operating System: Cisco IOS 12.2(1) or later, using the the K8 or K9 images. • Hardware: Cisco router • Memory: A minimum 128 MB of RAM. Additional memory is advisable.

Cisco IOS Recommendations for PEs and CEs

For Provider Edge Routers (PEs) and Customer Edge Routers (CEs) in the service provider network, Cisco recommends the following: • For Provider Edge Routers (PEs): Cisco IOS 12.1(5a)T or later, using the Service Provider feature set. For Inter-Switch Link (ISL) between the PE and CE, the Enterprise feature set is required. • For Customer Edge Routers (CEs): Cisco IOS 12.0 or later. Cisco IOS 11.3 and below is not recommended for CEs.

NetFlow Collector Device Recommendations

FlowCollector generates output files containing aggregated data. These files require additional disk space; the exact amount of disk space required depends on the flow arrival rate, collection interval, number of aggregation schemes specified, binary versus ASCII data file types, use of compression, and data file retention policies. • To collect NetFlow accounting data, install NetFlow Collector 3.0 on an workstation separate from the VPN Solutions Center workstation. The Netflow Collector workstation must have a network connection to the PE device.

Cisco VPN Solutions Center Installation Guide 1-4 DOC-7812191= Chapter 1 Cisco VPN Solutions Center Installation Requirements Mounting a Locally Attached CD-ROM Drive

Note Cisco recommends that each PE in the service provider network have a LAN connection to a NetFlow Collector device.

• Operating System: Solaris 2.6 or Solaris 7. • Hardware: Sun Ultra™ 1 with a CD-ROM drive • Memory: A minimum 128 MB of RAM with 256 MB of RAM. Additional memory is advisable. • Disk Space: 20+ GB FlowCollector requires at least 2 MB of disk space for its binary and configuration files.

NetFlow Documentation

The entire installation process is explained in detail in the NetFlow FlowCollector Installation and User Guide in Chapter 2, “Installing and Configuring FlowCollector.” Installation troubleshooting information is located in the NetFlow FlowCollector Installation and User Guide in Appendix A, “Troubleshooting FlowCollector.” For details on setting up NetFlow accounting in VPN Solutions Center MPLS software, refer to “MPLS VPN NetFlow Accounting” in Chapter 5 of the Cisco VPN Solutions Center: MPLS Solution Provisioning and Operations Guide.

Mounting a Locally Attached CD-ROM Drive

The mount instructions for a locally attached CD-ROM drive for the various operating systems supported by Cisco software are provided in this section.

Step 1 When a CD-ROM drive mount point does not exist, create one as follows: host# mkdir /cdrom

Note When the CD-ROM drive is already mounted or you are running the volume manager with Solaris on a Sun SPARC system, this mounting step is not necessary.

Step 2 Mount the CD-ROM drive on the mount point. Step 3 For Solaris (when not running Volume Management), issue the following command: host# /usr/sbin/mount -rF hsfs device_name /cdrom where device is the name of the locally attached CD-ROM drive. For example, to mount the CD-ROM from the local drive named /dev/dsk/c0t6d0s0, specify: host# /usr/sbin/mount -rF hsfs /dev/dsk/c0t6d0s0 /cdrom

Cisco VPN Solutions Center Installation Guide DOC-7812191= 1-5 Chapter 1 Cisco VPN Solutions Center Installation Requirements Mounting a Remotely Attached CD-ROM Drive

Mounting a Remotely Attached CD-ROM Drive

The mount instructions for a remotely attached CD-ROM drive for the various operating systems supported by Cisco software are provided in this section. The CD-ROM drive must be mounted on the remote system (following the steps provided in the previous section), the mount point must then be exported, and it must be mounted on the machine where the Cisco NSM software is to be installed.

Exporting the CD-ROM Drive from a Remote Solaris Host

Prior to mounting the CD-ROM drive from the remote host, the device must be made accessible. The following procedures are performed on the remote system where the CD-ROM drive is attached. To export the CD-ROM drive from a remote Solaris host, follow these steps:

Step 1 When they are not already running, start the following NFS mount daemons: host# /usr/lib/nfs/nfsd 8 host# /usr/lib/nfs/mountd Step 2 Issue the following command to share the mount point from the remote system: host# /usr/sbin/share -F nfs -o ro /cdrom/vpnsc_dir Step 3 Verify the remote host is exporting the mount point. The listing produced by this command should include the /cdrom mount point. host# /usr/sbin/share Step 4 On the client machine, verify the mount point on the remote host: host# /usr/sbin/showmount -e remote_server | grep cdrom where remote_server is the name of the remote host where the CD-ROM drive is mounted. Step 5 On the client machine, mount the remotely installed CD-ROM device: host# /usr/sbin/mount remote_server:/cdrom local_mount_point where local_mount_point is the mount point on the client machine for the remotely mounted CD-ROM drive.

Cisco VPN Solutions Center Installation Guide 1-6 DOC-7812191=